Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/c1d9b7-393d-4625-afe7-f3c887281eba/1/KDCfBX3ad6A_00hrvSAJKYMpmcs.roa
File:                     KDCfBX3ad6A_00hrvSAJKYMpmcs.roa (raw, json)
Hash identifier:          fNL/A2pz+GNUAG3d72o3KDJ4AJqpHRk0BtaNcUYXr/8=
Subject key identifier:   28:30:9F:05:7D:DA:77:A0:3F:D3:48:6B:BD:20:09:29:83:29:99:CB
Certificate issuer:       /CN=b59be6ee549f335c728497a79f1441034e852c35
Certificate serial:       01942368DD6C8212FB020B0BADB74D73FA03
Authority key identifier: B5:9B:E6:EE:54:9F:33:5C:72:84:97:A7:9F:14:41:03:4E:85:2C:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tZvm7lSfM1xyhJennxRBA06FLDU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/c1d9b7-393d-4625-afe7-f3c887281eba/1/KDCfBX3ad6A_00hrvSAJKYMpmcs.roa
Signing time:             Wed 01 Jan 2025 19:47:42 +0000
ROA not before:           Wed 01 Jan 2025 19:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15576
IP address blocks:        195.137.172.0/24 maxlen: 24
                          2a06:5100::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/c1d9b7-393d-4625-afe7-f3c887281eba/1/tZvm7lSfM1xyhJennxRBA06FLDU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/c1d9b7-393d-4625-afe7-f3c887281eba/1/tZvm7lSfM1xyhJennxRBA06FLDU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tZvm7lSfM1xyhJennxRBA06FLDU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 07:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:68:dd:6c:82:12:fb:02:0b:0b:ad:b7:4d:73:fa:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b59be6ee549f335c728497a79f1441034e852c35
        Validity
            Not Before: Jan  1 19:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=28309f057dda77a03fd3486bbd200929832999cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:44:a0:1a:65:7b:8c:f1:4a:90:2e:c3:79:97:
                    59:38:f2:90:10:fb:10:59:51:f7:0d:06:a1:5e:74:
                    87:be:1f:ee:de:2e:e4:9e:af:76:75:5b:bf:3a:7e:
                    24:79:f8:cb:45:fd:69:46:22:8f:6a:66:61:2d:74:
                    20:cd:33:42:91:ba:32:ca:9c:d5:76:c7:ac:9e:72:
                    ea:c9:bf:09:35:30:7c:54:b5:aa:a1:a9:70:1c:1f:
                    ed:4a:ca:40:2d:20:78:d2:a9:bd:4f:10:cc:1f:85:
                    c5:5d:34:46:79:86:6b:a1:73:10:57:36:7c:76:18:
                    c7:f7:e4:4e:f1:f0:ca:c4:42:e7:a8:72:77:74:bb:
                    6d:53:00:90:50:18:fa:b7:1a:d2:ef:2d:e6:cc:3a:
                    a1:09:b1:3c:c3:cb:c6:ee:f6:b4:2d:10:d2:38:2a:
                    28:a1:c9:7f:08:b2:3b:28:f8:61:9e:5e:92:f3:7c:
                    06:37:67:71:49:fb:6e:f3:5f:f3:4d:3c:01:0d:e2:
                    f4:db:a6:37:5c:96:c8:de:ad:61:06:4b:1f:70:c4:
                    a9:99:cd:4b:ca:58:cd:16:5a:f0:57:b2:32:b0:91:
                    6c:77:ce:75:75:37:33:15:ab:05:10:d0:1d:c9:2a:
                    4a:98:2f:30:c0:b8:6c:42:7d:93:48:d5:7c:29:65:
                    5e:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:30:9F:05:7D:DA:77:A0:3F:D3:48:6B:BD:20:09:29:83:29:99:CB
            X509v3 Authority Key Identifier:
                keyid:B5:9B:E6:EE:54:9F:33:5C:72:84:97:A7:9F:14:41:03:4E:85:2C:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tZvm7lSfM1xyhJennxRBA06FLDU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/c1d9b7-393d-4625-afe7-f3c887281eba/1/KDCfBX3ad6A_00hrvSAJKYMpmcs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/c1d9b7-393d-4625-afe7-f3c887281eba/1/tZvm7lSfM1xyhJennxRBA06FLDU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.137.172.0/24
                IPv6:
                  2a06:5100::/29

    Signature Algorithm: sha256WithRSAEncryption
         ad:78:7d:cd:a2:35:19:b5:10:dc:c7:35:19:cc:6f:db:e3:36:
         23:b0:b7:15:ae:9c:66:19:95:03:d5:b7:aa:b1:60:44:6b:7b:
         b0:c0:be:7f:3c:43:ac:76:c4:0d:c8:04:fa:61:48:05:87:22:
         b1:e5:60:03:69:ed:81:59:5e:f7:66:d0:f9:80:85:e6:16:d3:
         74:3f:24:e0:e1:ef:07:39:02:f0:3b:22:7c:bf:a9:c1:f9:a4:
         77:29:5a:2a:b1:49:5e:c0:76:a2:98:b9:64:f1:e1:8e:c4:b1:
         18:d6:df:d3:c5:a0:3c:4c:46:0d:14:68:8f:6e:69:b1:f5:d8:
         fc:45:e6:d6:1d:66:c8:44:b3:58:35:00:a0:9f:d9:5c:4f:ae:
         9a:a4:b6:81:77:de:fc:bb:f6:db:a1:1b:72:1f:ba:03:eb:10:
         07:cc:0e:31:ea:6b:4f:6c:01:cc:08:01:a9:33:06:a4:f0:5d:
         6d:09:58:e1:7b:74:0c:73:cf:dc:38:73:6e:94:a4:3a:4c:a2:
         6f:34:bd:00:d7:86:c2:92:9c:4b:00:63:49:73:db:6f:cc:6b:
         d1:e0:a4:c8:20:0a:86:94:46:92:a6:86:4c:47:18:67:86:b7:
         bf:97:ad:ed:c8:bf:56:0a:0a:fe:e1:0e:38:4a:0d:0a:08:04:
         46:d2:80:fb
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQjaN1sghL7AgsLrbdNc/oDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1OWJlNmVlNTQ5ZjMzNWM3Mjg0OTdhNzlmMTQ0MTAzNGU4
NTJjMzUwHhcNMjUwMTAxMTk0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODMwOWYwNTdkZGE3N2EwM2ZkMzQ4NmJiZDIwMDkyOTgzMjk5OWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr0SgGmV7jPFKkC7DeZdZOPKQEPsQ
WVH3DQahXnSHvh/u3i7knq92dVu/On4kefjLRf1pRiKPamZhLXQgzTNCkboyypzV
dsesnnLqyb8JNTB8VLWqoalwHB/tSspALSB40qm9TxDMH4XFXTRGeYZroXMQVzZ8
dhjH9+RO8fDKxELnqHJ3dLttUwCQUBj6txrS7y3mzDqhCbE8w8vG7va0LRDSOCoo
ocl/CLI7KPhhnl6S83wGN2dxSftu81/zTTwBDeL026Y3XJbI3q1hBksfcMSpmc1L
yljNFlrwV7IysJFsd851dTczFasFENAdySpKmC8wwLhsQn2TSNV8KWVeiQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCgwnwV92negP9NIa70gCSmDKZnLMB8GA1UdIwQY
MBaAFLWb5u5UnzNccoSXp58UQQNOhSw1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFp2bTdsU2ZNMXh5aEplbm54UkJBMDZGTERVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9jMWQ5YjctMzkzZC00NjI1LWFmZTct
ZjNjODg3MjgxZWJhLzEvS0RDZkJYM2FkNkFfMDBocnZTQUpLWU1wbWNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9jMWQ5YjctMzkzZC00NjI1LWFmZTctZjNjODg3MjgxZWJh
LzEvdFp2bTdsU2ZNMXh5aEplbm54UkJBMDZGTERVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAw4msMA0E
AgACMAcDBQMqBlEAMA0GCSqGSIb3DQEBCwUAA4IBAQCteH3NojUZtRDcxzUZzG/b
4zYjsLcVrpxmGZUD1beqsWBEa3uwwL5/PEOsdsQNyAT6YUgFhyKx5WADae2BWV73
ZtD5gIXmFtN0PyTg4e8HOQLwOyJ8v6nB+aR3KVoqsUlewHaimLlk8eGOxLEY1t/T
xaA8TEYNFGiPbmmx9dj8RebWHWbIRLNYNQCgn9lcT66apLaBd978u/bboRtyH7oD
6xAHzA4x6mtPbAHMCAGpMwak8F1tCVjhe3QMc8/cOHNulKQ6TKJvNL0A14bCkpxL
AGNJc9tvzGvR4KTIIAqGlEaSpoZMRxhnhre/l63tyL9WCgr+4Q44Sg0KCARG0oD7
-----END CERTIFICATE-----